<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML>
<HEAD>
<TITLE>Apache module mod_access</TITLE>
</HEAD>

<BODY>
<!--#include virtual="header.html" -->

<H1>Module mod_access</h1>

This module is contained in the <code>mod_access.c</code> file, and
is compiled in by default. It provides access control based on client
hostname or IP address.


<menu>
<li><A HREF="#allow">allow</A>
<li><A HREF="#deny">deny</A>
<li><A HREF="#order">order</A>
</menu>
<hr>


<A name="allow"><h2>allow</h2></A>
<!--%plaintext &lt;?INDEX {\tt allow} directive&gt; -->
<strong>Syntax:</strong> allow from <em>host host ...</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_access<p>

The allow directive affects which hosts can access a given directory; it is
typically used within a <A HREF="core.html#limit">&lt;Limit&gt;</A> section.
<em>Host</em> is one of the following:
<dl>
<dt><code>all</code>
<dd>all hosts are allowed access
<dt>A (partial) domain-name
<dd>host whose name is, or ends in, this string are allowed access.
<dt>A full IP address
<dd>An IP address of a host allowed access
<dt>A partial IP address
<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.
</dl>

Example:<blockquote><code>allow from .ncsa.uiuc.edu</code></blockquote>
All hosts in the specified domain are allowed access.<p>

Note that this compares whole components; <code>bar.edu</code>
would not match <code>foobar.edu</code>.<p>

See also <A HREF="#deny">deny</A> and <A HREF="#order">order</A>.<p><hr>

<A name="deny"><h2>deny</h2></A>
<!--%plaintext &lt;?INDEX {\tt deny} directive&gt; -->
<strong>Syntax:</strong> deny from <em>host host ...</em><br>
<Strong>Context:</strong> directory, .htaccess<br>
<Strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_access<p>

The deny directive affects which hosts can access a given directory; it is
typically used within a <A HREF="core.html#limit">&lt;Limit&gt;</A> section.
<em>Host</em> is one of the following:
<dl>
<dt><code>all</code>
<dd>all hosts are denied access
<dt>A (partial) domain-name
<dd>host whose name is, or ends in, this string are denied access.
<dt>A full IP address
<dd>An IP address of a host denied access
<dt>A partial IP address
<dd>The first 1 to 3 bytes of an IP address, for subnet restriction.
</dl>

Example:<blockquote><code>deny from 16</code></blockquote>
All hosts in the specified network are denied access.<p>

Note that this compares whole components; <code>bar.edu</code>
would not match <code>foobar.edu</code>.<p>

See also <A HREF="#allow">allow</A> and <A HREF="#order">order</A>.<p><hr>

<A name="order"><h2>order</h2></A>
<!--%plaintext &lt;?INDEX {\tt order} directive&gt; -->
<strong>Syntax:</strong> order <em>ordering</em><br>
<strong>Default:</strong> <code>order deny,allow</code><br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Override:</strong> Limit<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_access<p>

The order directive controls the order in which <A HREF="#allow">allow</A> and
<A HREF="#deny">deny</A> directives are evaluated. <em>Ordering</em> is one
of
<dl>
<dt>deny,allow
<dd>the deny directives are evaluated before the allow directives.
<dt>allow,deny
<dd>the allow directives are evaluated before the deny directives.
<dt>mutual-failure
<dd>Only those hosts which appear on the allow list and do not appear
on the deny list are granted access.
</dl>

Example:
<blockquote><code>
order deny,allow
deny from all
allow from .ncsa.uiuc.edu
</code></blockquote>
Hosts in the ncsa.uiuc.edu domain are allowed access; all other hosts are
denied access.

<!--#include virtual="footer.html" -->
</BODY>
</HTML>

